Privacy erosion – bug by bug, excuse by excuse
Last week I and many other commentators took up the story first released by the Guardian newspaper that Apple is keeping a file of your position on your iPhone and iPad and this information had a year or more of data in it and was available to anyone with access to your phone or the computer you sync the iPhone/iPad with. I highlighted this as a major privacy issue because I had not consciously signed up for this data to be stored and the consequences could be severe for people if they lose their phone/computer and the data is there. Some said it was no issue and was interesting in any case to see where they had been – yes it is, but I should know the file exists and have the ability to delete it or not have it stored in the first place.
Apple have belatedly come up with a detailed explanation of the location data stored and used on the iPhone. The summary is, yes Apple use cell tower (and by implication location) data from your phone, but they do so anonymously and to improve all users location services – OK so far. They go on to say that storing a year or more of data and backing that up to your sync computer were bugs and they will fix those issues (and won’t record at all if you have location services turned off). They now believe they only need to store 7 days of info. They also reiterate that they take privacy seriously:
“10. Does Apple believe that personal information security and privacy are important?
Yes, we strongly do. For example, iPhone was the first to ask users to give their permission for each and every app that wanted to use location. Apple will continue to be one of the leaders in strengthening personal information security and privacy.”
It is good to see Apple make a firm commitment to privacy and this a commitment the community should hold them to; however, I do question whether these truly were bugs or whether, like Facebook last year, Apple were pushing the privacy boundaries bit by bit and waiting to see who noticed. Why do I think that? Because in reaction to the Guardian article several people noted that amongst the technical community, and in at least one book published months beforehand, the consolidated.db file which contains the location data had been noted as had its contents. Am I therefore to believe that Apple did not know about this then? – hard to fathom. So after it becomes public knowledge with much concern expressed, the file is a bug – why not several months ago?
There is a strong suspicion that Apple is playing the same game as others and pushing the privacy boundaries further and further out, only to retract them a little when found out, before then pushing again later. This is only one episode so maybe I am being somewhat judgemental and it really was an unintended mistake – I hope so and I hope there isn’t a second or third mistake just around the corner!
Update: 28 April – ZD Net have a great quote in their analysis of Apple’s response that I just had to include: “There’s absolutely nothing wrong with what we’re not doing anyway, but we’ll fix the previously unsuspected bugs that made absolutely nothing wrong happen in the first case.“